From: Tobias Brunner Date: Thu, 5 Feb 2026 16:53:58 +0000 (+0100) Subject: testing: Add a reauthentication to ikev2/dhcp-static-client-id X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7973080969338de6d17eceef063498c0f9f33a4d;p=thirdparty%2Fstrongswan.git testing: Add a reauthentication to ikev2/dhcp-static-client-id This verifies that we don't release the lease when the old SA is deleted during the reauthentication. --- diff --git a/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat b/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat index 52ada2840f..b3bda22392 100644 --- a/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat +++ b/testing/tests/ikev2/dhcp-static-client-id/evaltest.dat @@ -6,6 +6,10 @@ alice::ping -c 1 10.1.0.30::64 bytes from 10.1.0.30: icmp_.eq=1::YES carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES alice::ping -c 1 10.1.0.40::64 bytes from 10.1.0.40: icmp_.eq=1::YES dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES +dave::swanctl --rekey --reauth --ike home +dave::sleep 1 +dave::swanctl --list-sas --ike-id 2 --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*local-vips=\[10.1.0.40] child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.40/32] remote-ts=\[10.1.0.0/16]::1 +moon::cat /var/log/daemon.log::DHCP RELEASE for 10.1.0.40::NO moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES @@ -20,3 +24,5 @@ alice::tcpdump::IP alice.strongswan.org > dave2.strongswan.org: ICMP echo reques alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo reply::YES alice::tcpdump::IP dave2.strongswan.org > alice.strongswan.org: ICMP echo request::YES alice::tcpdump::IP alice.strongswan.org > dave2.strongswan.org: ICMP echo reply::YES +dave::swanctl --terminate --ike home +moon::cat /var/log/daemon.log::DHCP RELEASE for 10.1.0.40::YES diff --git a/testing/tests/ikev2/dhcp-static-client-id/posttest.dat b/testing/tests/ikev2/dhcp-static-client-id/posttest.dat index cd77f5d67e..d9ad82c69f 100644 --- a/testing/tests/ikev2/dhcp-static-client-id/posttest.dat +++ b/testing/tests/ikev2/dhcp-static-client-id/posttest.dat @@ -1,5 +1,5 @@ +# dave already disconnected in evaltest carol::swanctl --terminate --ike home -dave::swanctl --terminate --ike home carol::systemctl stop strongswan dave::systemctl stop strongswan moon::systemctl stop strongswan